# TeleportGithubConnector This guide is a comprehensive reference to the fields in the `TeleportGithubConnector` resource, which you can apply after installing the Teleport Kubernetes operator. ## resources.teleport.dev/v3 **apiVersion:** resources.teleport.dev/v3 | Field | Type | Description | | ---------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: | | kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: | | metadata | object | | | spec | [object](#spec) | GithubConnector resource definition v3 from Teleport | ### spec | Field | Type | Description | | -------------------------- | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | | api\_endpoint\_url | string | APIEndpointURL is the URL of the API endpoint of the Github instance this connector is for. | | client\_id | string | ClientID is the Github OAuth app client ID. | | client\_redirect\_settings | [object](#specclient_redirect_settings) | ClientRedirectSettings defines which client redirect URLs are allowed for non-browser SSO logins other than the standard localhost ones. | | client\_secret | string | ClientSecret is the Github OAuth app client secret. This field supports secret lookup. See the operator documentation for more details. | | display | string | Display is the connector display name. | | endpoint\_url | string | EndpointURL is the URL of the GitHub instance this connector is for. | | redirect\_url | string | RedirectURL is the authorization callback URL. | | teams\_to\_roles | \[][object](#specteams_to_roles-items) | TeamsToRoles maps Github team memberships onto allowed roles. | | user\_matchers | \[]string | UserMatchers is a set of glob patterns to narrow down which username(s) this auth connector should match for identifier-first login. | ### spec.client\_redirect\_settings | Field | Type | Description | | ------------------------------- | --------- | -------------------------------------------------------------- | | allowed\_https\_hostnames | \[]string | a list of hostnames allowed for https client redirect URLs | | insecure\_allowed\_cidr\_ranges | \[]string | a list of CIDRs allowed for HTTP or HTTPS client redirect URLs | ### spec.teams\_to\_roles items | Field | Type | Description | | ------------ | --------- | --------------------------------------------------------- | | organization | string | Organization is a Github organization a user belongs to. | | roles | \[]string | Roles is a list of allowed logins for this org/team. | | team | string | Team is a team within the organization a user belongs to. |